From 09ddad53f1011993d820dd8ead8d8fb17d1d818c Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Thu, 22 Jan 2026 19:17:01 +0100 Subject: [PATCH 1/8] Configure Dependabot for daily schedule with 7-day cooldown --- .github/dependabot.yml | 4 +++- .github/workflows/Action-Test.yml | 6 +++--- .github/workflows/Auto-Release.yml | 4 ++-- .github/workflows/Linter.yml | 4 ++-- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 53188fe..0da2fac 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,4 +11,6 @@ updates: - dependencies - github-actions schedule: - interval: weekly + interval: daily + cooldown: + default-days: 7 diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index 2b89aa3..6b5a2a0 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -23,10 +23,10 @@ jobs: steps: # Need to check out as part of the test, as its a local action - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Upload Artifact - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: Docs path: README.md @@ -38,7 +38,7 @@ jobs: steps: # Need to check out as part of the test, as its a local action - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Action-Test uses: ./ diff --git a/.github/workflows/Auto-Release.yml b/.github/workflows/Auto-Release.yml index dad9961..45568fc 100644 --- a/.github/workflows/Auto-Release.yml +++ b/.github/workflows/Auto-Release.yml @@ -26,9 +26,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Auto-Release - uses: PSModule/Auto-Release@v1 + uses: PSModule/Auto-Release@eabd533035e2cb9822160f26f2eda584bd012356 # v1.9.5 env: GITHUB_TOKEN: ${{ github.token }} diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml index 1962629..7ed0fe3 100644 --- a/.github/workflows/Linter.yml +++ b/.github/workflows/Linter.yml @@ -19,12 +19,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Lint code base - uses: super-linter/super-linter@latest + uses: super-linter/super-linter@d5b0a2ab116623730dd094f15ddc1b6b25bf7b99 # v8.3.2 env: GITHUB_TOKEN: ${{ github.token }} VALIDATE_JSON_PRETTIER: false From 9decc68e36faa8abbe38697549fbc0d41a27fe57 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Thu, 22 Jan 2026 21:52:49 +0100 Subject: [PATCH 2/8] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Update=20actions/?= =?UTF-8?q?download-artifact=20to=20specific=20version=20for=20stability?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index fda0295..3b2f52e 100644 --- a/action.yml +++ b/action.yml @@ -46,7 +46,7 @@ runs: ${{ github.action_path }}/scripts/main.ps1 - name: Download Artifact - uses: actions/download-artifact@v6 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: ${{ inputs.ArtifactName }} path: ${{ steps.workflow_run_id.outputs.Path }} From 93b1a671554deb3714f2197b196c8ee51fcf2a33 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 25 Jan 2026 18:34:00 +0100 Subject: [PATCH 3/8] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Fix=20grammar=20i?= =?UTF-8?q?n=20README=20and=20action.yml=20for=20WorkflowRunID=20descripti?= =?UTF-8?q?on?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b73b67c..28f0197 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ As an example, terraform plans can be uploaded as artifacts in a PR CI workflow | - | - | - | - | | `Path` | The path to the artifact to download. | No | | | `WorkflowID` | The filename or ID of the workflow to download the artifact from. You must provide either `WorkflowID` or `WorkflowRunID`. | No | '' | -| `WorkflowRunID` | The ID of the workflow run where the artifact will be download from. You must provide either `WorkflowID` or `WorkflowRunID`. | No | '' | +| `WorkflowRunID` | The ID of the workflow run where the artifact will be downloaded from. You must provide either `WorkflowID` or `WorkflowRunID`. | No | '' | | `ArtifactName` | Name of the artifact to download. If unspecified, all artifacts for the run are downloaded. | Yes | | | `GITHUB_TOKEN` | The GitHub token used to authenticate with the GitHub API. | Yes | | | `WorkingDirectory` | The working directory where the artifact will be downloaded to. Default is the root of the repository. | No | `${{ github.workspace }}` | diff --git a/action.yml b/action.yml index 3b2f52e..889d024 100644 --- a/action.yml +++ b/action.yml @@ -15,7 +15,7 @@ inputs: default: '' WorkflowRunID: description: | - The ID of the workflow run where the artifact will be download from. + The ID of the workflow run where the artifact will be downloaded from. You must provide either `WorkflowID` or `WorkflowRunID`. required: false default: '' From 5cea771361cfbad5ab85a899194705be0ab8146c Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 25 Jan 2026 21:30:28 +0100 Subject: [PATCH 4/8] =?UTF-8?q?=F0=9F=A9=B9=20[Refactor]:=20Remove=20Auto-?= =?UTF-8?q?Release=20workflow=20and=20update=20main=20script=20path=20in?= =?UTF-8?q?=20action.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../workflows/{Auto-Release.yml => Release.yml} | 15 ++++++++++----- action.yml | 2 +- {scripts => src}/main.ps1 | 0 3 files changed, 11 insertions(+), 6 deletions(-) rename .github/workflows/{Auto-Release.yml => Release.yml} (68%) rename {scripts => src}/main.ps1 (100%) diff --git a/.github/workflows/Auto-Release.yml b/.github/workflows/Release.yml similarity index 68% rename from .github/workflows/Auto-Release.yml rename to .github/workflows/Release.yml index 45568fc..47d3f27 100644 --- a/.github/workflows/Auto-Release.yml +++ b/.github/workflows/Release.yml @@ -1,9 +1,9 @@ -name: Auto-Release +name: Release -run-name: "Auto-Release - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}" +run-name: "Release - [${{ github.event.pull_request.title }} #${{ github.event.pull_request.number }}] by @${{ github.actor }}" on: - pull_request_target: + pull_request: branches: - main types: @@ -12,6 +12,9 @@ on: - reopened - synchronize - labeled + paths: + - 'action.yml' + - 'src/**' concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -22,13 +25,15 @@ permissions: pull-requests: write # Required to create comments on the PRs jobs: - Auto-Release: + Release: runs-on: ubuntu-latest steps: - name: Checkout Code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - - name: Auto-Release + - name: Release uses: PSModule/Auto-Release@eabd533035e2cb9822160f26f2eda584bd012356 # v1.9.5 env: GITHUB_TOKEN: ${{ github.token }} diff --git a/action.yml b/action.yml index 889d024..e0b9f11 100644 --- a/action.yml +++ b/action.yml @@ -43,7 +43,7 @@ runs: PSMODULE_DOWNLOAD_CIARTIFACT_INPUT_WorkflowRunID: ${{ inputs.WorkflowRunID }} run: | # Download-CIArtifact - ${{ github.action_path }}/scripts/main.ps1 + ${{ github.action_path }}/src/main.ps1 - name: Download Artifact uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 diff --git a/scripts/main.ps1 b/src/main.ps1 similarity index 100% rename from scripts/main.ps1 rename to src/main.ps1 From 087865beeaec37f6809f9d0be2135b3817624aaa Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 25 Jan 2026 21:45:03 +0100 Subject: [PATCH 5/8] fix: Add persist-credentials: false to checkout actions --- .github/workflows/Action-Test.yml | 4 ++++ .github/workflows/Linter.yml | 2 ++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/Action-Test.yml b/.github/workflows/Action-Test.yml index 6b5a2a0..09bc6cf 100644 --- a/.github/workflows/Action-Test.yml +++ b/.github/workflows/Action-Test.yml @@ -24,6 +24,8 @@ jobs: # Need to check out as part of the test, as its a local action - name: Checkout repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Upload Artifact uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 @@ -39,6 +41,8 @@ jobs: # Need to check out as part of the test, as its a local action - name: Checkout repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Action-Test uses: ./ diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml index 7ed0fe3..377763a 100644 --- a/.github/workflows/Linter.yml +++ b/.github/workflows/Linter.yml @@ -22,11 +22,13 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + persist-credentials: false - name: Lint code base uses: super-linter/super-linter@d5b0a2ab116623730dd094f15ddc1b6b25bf7b99 # v8.3.2 env: GITHUB_TOKEN: ${{ github.token }} + VALIDATE_BIOME_FORMAT: false VALIDATE_JSON_PRETTIER: false VALIDATE_MARKDOWN_PRETTIER: false VALIDATE_YAML_PRETTIER: false From f1ddf48511e151c560c180fb51224eb3ca3c310d Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 25 Jan 2026 22:00:42 +0100 Subject: [PATCH 6/8] Disable JSCPD linter and remove configuration file --- .github/linters/.jscpd.json | 10 ---------- .github/workflows/Linter.yml | 1 + 2 files changed, 1 insertion(+), 10 deletions(-) delete mode 100644 .github/linters/.jscpd.json diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json deleted file mode 100644 index 23970e8..0000000 --- a/.github/linters/.jscpd.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "threshold": 0, - "reporters": [ - "consoleFull" - ], - "ignore": [ - "**/tests/**" - ], - "absolute": true -} diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml index 377763a..3a07190 100644 --- a/.github/workflows/Linter.yml +++ b/.github/workflows/Linter.yml @@ -29,6 +29,7 @@ jobs: env: GITHUB_TOKEN: ${{ github.token }} VALIDATE_BIOME_FORMAT: false + VALIDATE_JSCPD: false VALIDATE_JSON_PRETTIER: false VALIDATE_MARKDOWN_PRETTIER: false VALIDATE_YAML_PRETTIER: false From 1a5f3de0de76424ef948eb013fb67b0223d885de Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 25 Jan 2026 22:31:26 +0100 Subject: [PATCH 7/8] Rename Auto-Release to Release-GHRepository --- .github/workflows/Release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Release.yml b/.github/workflows/Release.yml index 47d3f27..e180285 100644 --- a/.github/workflows/Release.yml +++ b/.github/workflows/Release.yml @@ -34,6 +34,6 @@ jobs: persist-credentials: false - name: Release - uses: PSModule/Auto-Release@eabd533035e2cb9822160f26f2eda584bd012356 # v1.9.5 + uses: PSModule/Release-GHRepository@88c70461c8f16cc09682005bcf3b7fca4dd8dc1a # v2 env: GITHUB_TOKEN: ${{ github.token }} From ba37d6057463b303ac46637ce71be9582849bbc7 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 25 Jan 2026 22:43:51 +0100 Subject: [PATCH 8/8] Fix version comment to use patch level --- .github/workflows/Release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Release.yml b/.github/workflows/Release.yml index e180285..d8a2564 100644 --- a/.github/workflows/Release.yml +++ b/.github/workflows/Release.yml @@ -34,6 +34,6 @@ jobs: persist-credentials: false - name: Release - uses: PSModule/Release-GHRepository@88c70461c8f16cc09682005bcf3b7fca4dd8dc1a # v2 + uses: PSModule/Release-GHRepository@88c70461c8f16cc09682005bcf3b7fca4dd8dc1a # v2.0.1 env: GITHUB_TOKEN: ${{ github.token }}